Windows : Microsoft Bulletins : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902833

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS12-035.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-035.

Vulnerability Insight:
The flaws are due to

- An error within the .NET Framework does not properly serialize user input
and can be exploited to treat untrusted input as trusted.

- An error within the .NET Framework does not properly handle exceptions when
serializing objects and can be exploited via partially trusted assemblies.

Vulnerability Impact:
Successful exploitation could allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-0160
BugTraq ID: 53356
http://www.securityfocus.com/bid/53356
Cert/CC Advisory: TA12-129A
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Microsoft Security Bulletin: MS12-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15554
http://www.securitytracker.com/id?1027036
http://secunia.com/advisories/49117
Common Vulnerability Exposure (CVE) ID: CVE-2012-0161
BugTraq ID: 53357
http://www.securityfocus.com/bid/53357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902833
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS12-035.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-035. Vulnerability Insight: The flaws are due to - An error within the .NET Framework does not properly serialize user input and can be exploited to treat untrusted input as trusted. - An error within the .NET Framework does not properly handle exceptions when serializing objects and can be exploited via partially trusted assemblies. Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Affected Software/OS: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0160 BugTraq ID: 53356 http://www.securityfocus.com/bid/53356 Cert/CC Advisory: TA12-129A http://www.us-cert.gov/cas/techalerts/TA12-129A.html Microsoft Security Bulletin: MS12-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15554 http://www.securitytracker.com/id?1027036 http://secunia.com/advisories/49117 Common Vulnerability Exposure (CVE) ID: CVE-2012-0161 BugTraq ID: 53357 http://www.securityfocus.com/bid/53357 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14951
Copyright	Copyright (C) 2012 Greenbone AG